Authentication

Authenticate requests using API keys

API Keys

Write endpoints (create auction, place bid, settle) require an API key in the X-API-Key header. Read endpoints (GET /api/v1/auctions and GET /api/v1/auctions/:id) are public — no key required, though unauthenticated requests have lower rate limits.

X-API-Key: sk_your_api_key_here

API keys have the format: sk_[environment]_[random_string]

  • sk_live_ - Production API key
  • sk_test_ - Test/devnet key

Creating API Keys

  1. Sign in and open your profile page
  2. Open "Developer API Access" → "Manage API Keys"
  3. Create a key with name, type, and walletAddress
  4. Optionally set expirationDays
  5. Copy and securely store the key immediately

API keys are shown only once. If lost, you'll need to create a new key.

API Key Types

Developer Keys

General-purpose key type for app integrations

  • ✓ Create auctions
  • ✓ Place bids
  • ✓ Settle auctions
  • ✓ Access authenticated endpoints

Agent Keys

Automation-oriented key type

  • ✓ Create auctions
  • ✓ Place bids
  • ✓ Settle auctions
  • ✓ Access authenticated endpoints

Read-Only Keys

Intended for read-heavy integrations

  • Type is stored on the key record
  • Best suited for integrations that only read data (dashboards, price feeds)
  • Use separate keys per app/service for easier rotation

Usage Examples

cURL:

curl https://api.snsauctions.xyz/api/v1/auctions \
  -H "X-API-Key: sk_live_your_key_here"

JavaScript/Node.js:

const response = await fetch(
  'https://api.snsauctions.xyz/api/v1/auctions',
  {
    headers: {
      'X-API-Key': 'sk_live_your_key_here'
    }
  }
);

Python:

import requests

headers = {
    'X-API-Key': 'sk_live_your_key_here'
}

response = requests.get(
    'https://api.snsauctions.xyz/api/v1/auctions',
    headers=headers
)

Security Best Practices

🔐 Never Expose Keys

Don't commit API keys to version control. Use environment variables instead.
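
One way to apply this in a Python integration, as an added example that is not part of the SNSAuctions documentation or SDK: load the key from an environment variable, reject a key for the wrong environment, and scan file contents for key literals before they are committed. The variable name SNS_API_KEY, the function names, and the 16+ character URL-safe suffix pattern are assumptions; the sample values are constructed.

```python
import os
import re

# Assumption: the random part is 16+ URL-safe characters. The page documents
# only the sk_[environment]_ prefix, so adjust the suffix pattern to real keys.
KEY_BODY = r"\bsk_(live|test)_[A-Za-z0-9_-]{16,}"
ENV_VAR = "SNS_API_KEY"  # hypothetical variable name, not defined by the API


def redact(key):
    """Return only the sk_[environment]_ prefix so logs never hold the secret."""
    return key[: key.index("_", 3) + 1] + "****"


def load_api_key(expected_env, environ=os.environ):
    """Read the key from the environment; reject malformed or wrong-environment keys."""
    key = environ.get(ENV_VAR, "").strip()
    match = re.fullmatch(KEY_BODY, key)
    if match is None:
        raise ValueError(f"{ENV_VAR} is unset or not sk_[environment]_[random_string]")
    if match.group(1) != expected_env:
        raise ValueError(f"{ENV_VAR} is a {match.group(1)} key, expected {expected_env}")
    return key


def find_hardcoded_keys(path, text):
    """List (path, line number, redacted key) for every key literal in text."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in re.finditer(KEY_BODY, line):
            hits.append((path, lineno, redact(match.group(0))))
    return hits


if __name__ == "__main__":
    # Constructed sample input: a file about to be committed with a key in it.
    sample = ('URL = "https://api.snsauctions.xyz/api/v1/auctions"\n'
              'KEY = "sk_live_CONSTRUCTEDexample0001"\n')
    for hit in find_hardcoded_keys("settings.py", sample):
        print("hardcoded key:", hit)
    fake_env = {ENV_VAR: "sk_test_CONSTRUCTEDexample0002"}
    key = load_api_key("test", environ=fake_env)
    print("loaded", redact(key), "-> send it as the X-API-Key header")
```

Running find_hardcoded_keys over staged files in a pre-commit hook blocks the commit before a live key reaches the repository, and the expected_env check keeps a production key out of test and devnet jobs.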

🔄 Rotate Regularly

Periodically create new keys and revoke old ones. This limits exposure if a key is compromised.

📝 Restrict Permissions

Keep separate keys per service/workflow and rotate periodically to reduce blast radius.

👀 Monitor Usage

Check API key activity logs regularly for suspicious usage patterns.

🛑 Revoke Immediately

If an API key is compromised, revoke it immediately from your account settings.

Revoking API Keys

To revoke an API key:

  1. Go to your profile → Developer API Access
  2. Find the key you want to revoke
  3. Click the "Revoke" button
  4. Confirm the action

Revoking a key immediately invalidates it. Any requests using that key will fail.
